
Commit b5734ed

authored
Merge branch 'main' into jty/python/emailInjection
2 parents c155ac6 + 677c436 commit b5734ed


2,207 files changed

+142212
-105913
lines changed


2,207 files changed

+142212
-105913
lines changed

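--- a/.bazelrc
+++ b/.bazelrc
@@ -0,0 +1,3 @@
+build --copt="-std=c++17"
+
+try-import %workspace%/local.bazelrc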

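--- a/.bazelversion
+++ b/.bazelversion
@@ -0,0 +1 @@
+5.0.0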

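--- a/.github/actions/fetch-codeql/action.yml
+++ b/.github/actions/fetch-codeql/action.yml
@@ -3,12 +3,22 @@ description: Fetches the latest version of CodeQL
 runs:
 using: composite
 steps:
+- name: Select platform - Linux
+if: runner.os == 'Linux'
+shell: bash
+run: echo "GA_CODEQL_CLI_PLATFORM=linux64" >> $GITHUB_ENV
+
+- name: Select platform - MacOS
+if: runner.os == 'MacOS'
+shell: bash
+run: echo "GA_CODEQL_CLI_PLATFORM=osx64" >> $GITHUB_ENV
+
 - name: Fetch CodeQL
 shell: bash
 run: |
 LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
-gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
-unzip -q -d "${RUNNER_TEMP}" codeql-linux64.zip
+gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-$GA_CODEQL_CLI_PLATFORM.zip "$LATEST"
+unzip -q -d "${RUNNER_TEMP}" codeql-$GA_CODEQL_CLI_PLATFORM.zip
 echo "${RUNNER_TEMP}/codeql" >> "${GITHUB_PATH}"
 env:
 GITHUB_TOKEN: ${{ github.token }}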
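Review bot: `GA_CODEQL_CLI_PLATFORM` is set only for Linux and macOS, so on any other runner OS the Fetch CodeQL step expands `codeql-$GA_CODEQL_CLI_PLATFORM.zip` to `codeql-.zip` and fails without saying why. A guard as the first line of that `run:` script, `: "${GA_CODEQL_CLI_PLATFORM:?unsupported runner OS}"`, would stop with a clear message instead. The two new expansions on the download and unzip lines are unquoted, unlike `"${RUNNER_TEMP}"` next to them; `"codeql-${GA_CODEQL_CLI_PLATFORM}.zip"` would match the surrounding style. The archive is still unpacked and put on `PATH` with no digest check, so a comment stating that trust rests on the `gh release download` transport alone would document the assumption.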

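--- a/.github/workflows/check-qldoc.yml
+++ b/.github/workflows/check-qldoc.yml
@@ -0,0 +1,53 @@
+name: "Check QLdoc coverage"
+
+on:
+pull_request:
+paths:
+- "*/ql/lib/**"
+- .github/workflows/check-qldoc.yml
+branches:
+- main
+- "rc/*"
+
+jobs:
+qldoc:
+runs-on: ubuntu-latest
+
+steps:
+- name: Install CodeQL
+run: |
+gh extension install github/gh-codeql
+gh codeql set-channel nightly
+gh codeql version
+env:
+GITHUB_TOKEN: ${{ github.token }}
+
+- uses: actions/checkout@v2
+with:
+fetch-depth: 2
+
+- name: Check QLdoc coverage
+shell: bash
+run: |
+EXIT_CODE=0
+changed_lib_packs="$(git diff --name-only --diff-filter=ACMRT HEAD^ HEAD | { grep -o '^[a-z]*/ql/lib' || true; } | sort -u)"
+for pack_dir in ${changed_lib_packs}; do
+lang="${pack_dir%/ql/lib}"
+gh codeql generate library-doc-coverage --output="${RUNNER_TEMP}/${lang}-current.txt" --dir="${pack_dir}"
+done
+git checkout HEAD^
+for pack_dir in ${changed_lib_packs}; do
+# When we add a new language, pack_dir would not exist in HEAD^.
+# In this case the right thing to do is to skip the check.
+[[ ! -d "${pack_dir}" ]] && continue
+lang="${pack_dir%/ql/lib}"
+gh codeql generate library-doc-coverage --output="${RUNNER_TEMP}/${lang}-baseline.txt" --dir="${pack_dir}"
+awk -F, '{gsub(/"/,""); if ($4==0 && $6=="public") print "\""$3"\"" }' "${RUNNER_TEMP}/${lang}-current.txt" | sort -u > "${RUNNER_TEMP}/current-undocumented.txt"
+awk -F, '{gsub(/"/,""); if ($4==0 && $6=="public") print "\""$3"\"" }' "${RUNNER_TEMP}/${lang}-baseline.txt" | sort -u > "${RUNNER_TEMP}/baseline-undocumented.txt"
+UNDOCUMENTED="$(grep -f <(comm -13 "${RUNNER_TEMP}/baseline-undocumented.txt" "${RUNNER_TEMP}/current-undocumented.txt") "${RUNNER_TEMP}/${lang}-current.txt" || true)"
+if [ -n "$UNDOCUMENTED" ]; then
+echo "$UNDOCUMENTED" | awk -F, '{gsub(/"/,""); print "::warning file='"${pack_dir}"'/"$1",line="$2"::Missing QLdoc for "$5, $3 }'
+EXIT_CODE=1
+fi
+done
+exit "${EXIT_CODE}"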
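Review bot: The new workflow declares no `permissions:` block, so the `GITHUB_TOKEN` handed to the Install CodeQL step carries whatever default scopes the repository is configured with, although the job only needs to read code; a top-level `permissions:` with `contents: read` would make least privilege explicit. The same applies to `.github/workflows/swift-qltest.yml`, added in this commit. `actions/checkout@v2` is referenced by tag and `gh extension install github/gh-codeql` plus `set-channel nightly` floats, whereas the ql-for-ql workflows in this commit pin `github/codeql-action` to a full commit SHA; a comment saying the floating versions are intentional would help. In the coverage step, `grep -f` treats each undocumented name as a regular expression, and `grep -F -f` would match the names literally.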

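--- a/.github/workflows/ql-for-ql-build.yml
+++ b/.github/workflows/ql-for-ql-build.yml
@@ -16,9 +16,10 @@ jobs:
 - uses: actions/checkout@v2
 - name: Find codeql
 id: find-codeql
-uses: github/codeql-action/init@erik-krogh/ql
+uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
 with:
 languages: javascript # does not matter
+tools: latest
 - name: Get CodeQL version
 id: get-codeql-version
 run: |
@@ -159,7 +160,7 @@ jobs:
 PACK: ${{ runner.temp }}/pack
 - name: Hack codeql-action options
 run: |
-JSON=$(jq -nc --arg pack "${PACK}" '.resolve.queries=["--search-path", $pack] | .resolve.extractor=["--search-path", $pack] | .database.init=["--search-path", $pack]')
+JSON=$(jq -nc --arg pack "${PACK}" '.database."run-queries"=["--search-path", $pack] | .resolve.queries=["--search-path", $pack] | .resolve.extractor=["--search-path", $pack] | .database.init=["--search-path", $pack]')
 echo "CODEQL_ACTION_EXTRA_OPTIONS=${JSON}" >> ${GITHUB_ENV}
 env:
 PACK: ${{ runner.temp }}/pack
@@ -171,22 +172,25 @@ jobs:
 echo "paths:" > ${CONF}
 echo " - ${FOLDER}" >> ${CONF}
 echo "paths-ignore:" >> ${CONF}
-echo " - ql/ql/test" >> ${CONF}
+echo " - ql/ql/test" >> ${CONF}
+echo "disable-default-queries: true" >> ${CONF}
+echo "packs:" >> ${CONF}
+echo " - codeql/ql" >> ${CONF}
 echo "Config file: "
 cat ${CONF}
 env:
 CONF: ./ql-for-ql-config.yml
 FOLDER: ${{ matrix.folder }}
-
 - name: Initialize CodeQL
-uses: github/codeql-action/init@erik-krogh/ql
+uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
 with:
 languages: ql
 db-location: ${{ runner.temp }}/db
 config-file: ./ql-for-ql-config.yml
+tools: latest
 
 - name: Perform CodeQL Analysis
-uses: github/codeql-action/analyze@erik-krogh/ql
+uses: github/codeql-action/analyze@aa93aea877e5fb8841bcb1193f672abf6e9f2980
 with:
 category: "ql-for-ql-${{ matrix.folder }}"
 - name: Copy sarif file to CWD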
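Review bot: The three `uses:` lines now pin `github/codeql-action` to a full commit SHA, but both `init` steps also gain `tools: latest`, so the action code is fixed while the CodeQL bundle it downloads and runs still floats. If tracking the newest CLI is intended, a comment next to `tools: latest` should say so; if reproducible analysis is wanted, `tools:` should name a specific bundle. Nothing records where the pinned commit came from; presumably it is a commit of the `erik-krogh/ql` branch the removed lines referenced, and a trailing comment such as `# commit on erik-krogh/ql; bump all ql-for-ql workflows together` on each pinned line would make later updates auditable. The added `echo` lines in the config-writing step keep expanding `${CONF}` unquoted, which matches the existing lines but would be safer as `"${CONF}"`.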

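--- a/.github/workflows/ql-for-ql-dataset_measure.yml
+++ b/.github/workflows/ql-for-ql-dataset_measure.yml
@@ -26,7 +26,7 @@ jobs:
 
 - name: Find codeql
 id: find-codeql
-uses: github/codeql-action/init@erik-krogh/ql
+uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
 with:
 languages: javascript # does not matter
 - uses: actions/cache@v2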
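Review bot: The `Find codeql` step here is pinned to the same commit as in `ql-for-ql-build.yml`, but it does not receive the `tools: latest` input that the equivalent step in that file gains in this commit; the same is true of `.github/workflows/ql-for-ql-tests.yml`. If the three workflows are meant to resolve the same CodeQL CLI, add `tools: latest` under `with:` here as well. Otherwise a comment such as `# uses the bundle shipped with the pinned action` would record that the difference is deliberate.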

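--- a/.github/workflows/ql-for-ql-tests.yml
+++ b/.github/workflows/ql-for-ql-tests.yml
@@ -20,7 +20,7 @@ jobs:
 - uses: actions/checkout@v2
 - name: Find codeql
 id: find-codeql
-uses: github/codeql-action/init@erik-krogh/ql
+uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
 with:
 languages: javascript # does not matter
 - uses: actions/cache@v2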

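--- a/.github/workflows/ruby-qltest.yml
+++ b/.github/workflows/ruby-qltest.yml
@@ -63,6 +63,7 @@ jobs:
 qltest:
 runs-on: ubuntu-latest
 strategy:
+fail-fast: false
 matrix:
 slice: ["1/2", "2/2"]
 steps: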

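--- a/.github/workflows/swift-qltest.yml
+++ b/.github/workflows/swift-qltest.yml
@@ -0,0 +1,51 @@
+name: "Swift: Run QL Tests"
+
+on:
+pull_request:
+paths:
+- "swift/**"
+- .github/workflows/swift-qltest.yml
+branches:
+- main
+defaults:
+run:
+working-directory: swift
+
+jobs:
+qlformat:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- uses: ./.github/actions/fetch-codeql
+- name: Check QL formatting
+run: find ql "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 codeql query format --check-only
+qltest:
+runs-on: ${{ matrix.os }}
+strategy:
+fail-fast: false
+matrix:
+os : [ubuntu-20.04, macos-latest]
+steps:
+- uses: actions/checkout@v2
+- uses: ./.github/actions/fetch-codeql
+- name: Install bazelisk - Linux
+if: runner.os == 'Linux'
+run: |
+sudo apt-get update
+sudo apt-get install -y wget
+wget https://github.com/bazelbuild/bazelisk/releases/download/v1.11.0/bazelisk-linux-amd64
+mv bazelisk-linux-amd64 /usr/local/bin/bazel
+chmod +x /usr/local/bin/bazel
+- name: Install bazelisk - macOS
+if: runner.os == 'MacOS'
+run: |
+brew install bazelisk
+- name: Build Swift extractor
+run: |
+bazel run //swift:create-extractor-pack
+- name: Run QL tests
+run: |
+codeql test run --threads=0 --ram 5000 --search-path "${{ github.workspace }}/swift/extractor-pack" --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition ql/test
+env:
+GITHUB_TOKEN: ${{ github.token }}
+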
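Review bot: The Linux bazelisk install fetches `bazelisk-linux-amd64` with `wget` and moves it straight into `/usr/local/bin/bazel` with no integrity check, and that binary then drives the extractor build. The release is already pinned in the URL, so the expected digest can be pinned as well: add `echo "<SHA256_OF_RELEASE_ASSET>  bazelisk-linux-amd64" | sha256sum -c -` between the `wget` and the `mv`, replacing the placeholder with the digest of the published v1.11.0 asset. The macOS leg uses an unversioned `brew install bazelisk`, so the two matrix legs may run different bazelisk releases. A comment noting that the `.bazelversion` file added in this commit is what fixes the Bazel version itself would make that intent clear.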

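--- a/.gitignore
+++ b/.gitignore
@@ -17,7 +17,7 @@
 # Byte-compiled python files
 *.pyc
 
-# python virtual environment folder
+# python virtual environment folder
 .venv/
 
 # It's useful (though not required) to be able to unpack codeql in the ql checkout itself
@@ -29,4 +29,10 @@ csharp/extractor/Semmle.Extraction.CSharp.Driver/Properties/launchSettings.json
 .codeql
 
 # Compiled class file
-*.class
+*.class
+
+# links created by bazel
+/bazel-*
+
+# CLion project files
+/.clwb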
